The present invention relates generally to authentication using secure devices with limited cryptography, and more particularly pertains to authentication using secure devices with limited cryptography which no longer have the capability to do public-key cryptography and generate random numbers.
The present invention relates to computational devices that are secure, in the sense that they carry out correct computation (which may include storage and controlled usage of secrets) despite attacks by skilled and potentially well-funded adversaries.
When deployed, these computational devices interact with various authorities. In many scenarios, it is necessary for an authority to verify that a communication from an allegedly untampered computational device is genuine, and/or for a computational device to verify that a communication allegedly from a particular authority is genuine.
Many strong and flexible techniques exist for this task. However, failures and other problems may leave these devices too crippled to perform these tasks. Two such failure scenarios are:
The computational device""s capability to perform public-key cryptography and random-number generation depends on software that is stored in rewritable media, and which may fail, leaving the device without these capabilities.
Various zeroization scenarios may cause an otherwise untampered computational device to lose knowledge of its own certified private key, and/or the authority""s public key.
The present invention provides a way to carry out authentication tasks in computational devices with constrained cryptographic capabilities.
The subject invention provides the following additional benefits:
It avoids the risks and complexities of maintaining a large database of secrets at an authority's site.
It avoids the weaknesses of derived-key approaches, in which every device's secret is computed from a single master secret held by the authority, so that compromise of that master secret exposes every device.
It easily permits the authority who performs the authentication to differ from the installation authority who performs initialization.
It continues to insulate untampered computational devices from being threatened by the successful compromise of any other computational device.
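The two conventional arrangements that the benefits above are contrasted against can be made concrete. The following is an added example, not text or code from the patent, and it does not implement the invention's own method: it models a device that has only symmetric cryptography and no random-number generator, authenticating by answering a challenge chosen by the authority, under (a) a derived-key authority holding one master secret and (b) a database authority holding one independent secret per device. HMAC-SHA256, the framing labels, and the Device/Authority class names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Framing labels are an assumption of this example, not taken from the patent.
KEY_LABEL = b"device-key|"
AUTH_LABEL = b"auth|"


def auth_mac(key: bytes, device_id: bytes, challenge: bytes) -> bytes:
    """The only primitive the constrained device needs: HMAC over a fixed framing."""
    return hmac.new(key, AUTH_LABEL + device_id + b"|" + challenge, hashlib.sha256).digest()


class Device:
    """Symmetric-only device with no RNG: it never picks a nonce itself,
    it only answers a challenge chosen by the authority."""

    def __init__(self, device_id: bytes, key: bytes):
        self.device_id = device_id
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return auth_mac(self._key, self.device_id, challenge)


def derive_key(master: bytes, device_id: bytes) -> bytes:
    """Derived-key approach: every device key is PRF(master, device_id)."""
    return hmac.new(master, KEY_LABEL + device_id, hashlib.sha256).digest()


class DerivedKeyAuthority:
    """Stores one master secret and recomputes any device's key on demand."""

    def __init__(self, master: bytes):
        self._master = master

    def secret_count(self) -> int:
        return 1

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)  # freshness is supplied by the authority, not the device

    def verify(self, device_id: bytes, challenge: bytes, response: bytes) -> bool:
        expected = auth_mac(derive_key(self._master, device_id), device_id, challenge)
        return hmac.compare_digest(expected, response)


class DatabaseAuthority:
    """Stores an independent random secret for every enrolled device."""

    def __init__(self):
        self._keys: dict[bytes, bytes] = {}

    def secret_count(self) -> int:
        return len(self._keys)

    def enroll(self, device_id: bytes) -> bytes:
        key = secrets.token_bytes(32)
        self._keys[device_id] = key
        return key

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, device_id: bytes, challenge: bytes, response: bytes) -> bool:
        key = self._keys.get(device_id)
        if key is None:
            return False
        return hmac.compare_digest(auth_mac(key, device_id, challenge), response)


def run_demo() -> dict:
    """Exercise both baselines and report which forgeries each one accepts."""
    results = {}

    # Derived-key baseline: devices A and B, one master secret at the authority.
    master = secrets.token_bytes(32)
    dk_auth = DerivedKeyAuthority(master)
    dev_a = Device(b"A", derive_key(master, b"A"))
    c = dk_auth.challenge()
    results["derived_honest"] = dk_auth.verify(b"A", c, dev_a.respond(c))
    # A's old response does not verify against a fresh challenge: the device needs
    # no RNG of its own because freshness comes from the authority's challenge.
    results["derived_replay_rejected"] = not dk_auth.verify(b"A", dk_auth.challenge(), dev_a.respond(c))
    # An attacker who extracted device A's key cannot answer for device B ...
    c = dk_auth.challenge()
    results["derived_device_leak_forges_other"] = dk_auth.verify(b"B", c, auth_mac(derive_key(master, b"A"), b"B", c))
    # ... but anyone holding the single master secret reconstructs every device key.
    results["derived_master_leak_forges_other"] = dk_auth.verify(b"B", c, auth_mac(derive_key(master, b"B"), b"B", c))
    results["derived_secret_count"] = dk_auth.secret_count()

    # Database baseline: one independent secret per device, all held by the authority.
    db_auth = DatabaseAuthority()
    key_x = db_auth.enroll(b"X")
    dev_x = Device(b"X", key_x)
    db_auth.enroll(b"Y")
    c = db_auth.challenge()
    results["database_honest"] = db_auth.verify(b"X", c, dev_x.respond(c))
    results["database_device_leak_forges_other"] = db_auth.verify(b"Y", c, auth_mac(key_x, b"Y", c))
    results["database_secret_count"] = db_auth.secret_count()
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

In both baselines the device itself does nothing beyond one keyed hash, which is the constrained situation the invention addresses. What differs is the authority's exposure: the derived-key authority keeps one secret whose loss forges every device, while the database authority keeps as many secrets as there are devices. The invention is described above as avoiding both of these costs while preserving the property that extracting one device's key does not let an attacker impersonate another.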
Accordingly, it is a primary object of the present invention to provide authentication for secure devices with limited cryptography.
A further object of the subject invention is the provision of authentication for secure devices with limited cryptography which no longer have the capability to do public-key cryptography and generate random numbers.